CVE-2024-50495 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2024-50495?

CVE-2024-50495 has a CVSS score of 10.0 (CRITICAL). This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Plugin Propagator. This affects all WordPress sites using Plugin Propagator version 0.1 or earlier, potentially leading to complete server compromise.

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Plugin Propagator. This affects all WordPress sites using Plugin Propagator version 0.1 or earlier, potentially leading to complete server compromise.

💻 Affected Systems

Products:

WidgiLabs Plugin Propagator WordPress plugin

Versions: 0.1 and earlier

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all WordPress installations with the vulnerable plugin version enabled.

📦 What is this software?

Plugin Propagator by Widgilabs

View all CVEs affecting Plugin Propagator →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server takeover, data exfiltration, ransomware deployment, and use as attack platform for further network penetration.

🟠

Likely Case

Web shell upload leading to website defacement, data theft, and backdoor persistence on the server.

🟢

If Mitigated

File uploads blocked or restricted to safe types only, preventing malicious file execution.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication.

🏢 Internal Only: LOW - Primarily affects internet-facing WordPress installations.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP POST request with malicious file upload, widely available exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-propagator/wordpress-plugin-propagator-plugin-0-1-arbitrary-file-upload-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Immediately disable and remove the Plugin Propagator plugin. 2. Check for any uploaded malicious files. 3. Consider using alternative plugins with proper security controls.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rule

all

Block file upload requests to the vulnerable plugin endpoint

WAF specific - configure to block POST requests containing file uploads to /wp-content/plugins/propagator/

File System Permissions Restriction

linux

Remove write permissions from plugin upload directory

chmod -R 755 /path/to/wordpress/wp-content/plugins/propagator/
chown -R www-data:www-data /path/to/wordpress/wp-content/plugins/propagator/

🧯 If You Can't Patch

Disable the Plugin Propagator plugin immediately
Implement strict file upload validation at web server level

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for 'Propagator' version 0.1 or earlier

Check Version:

wp plugin list --name=propagator --field=version (if WP-CLI installed)

Verify Fix Applied:

Confirm plugin is deactivated or removed, and no suspicious files exist in wp-content/uploads/

📡 Detection & Monitoring

Log Indicators:

POST requests to /wp-content/plugins/propagator/ with file uploads
Unusual file creations in wp-content/uploads/ with .php, .jsp, .asp extensions

Network Indicators:

HTTP POST requests with multipart/form-data to plugin paths
Unexpected outbound connections from web server

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/propagator/" AND method="POST" AND content_type="multipart/form-data")

📊 Metadata

CVE ID: CVE-2024-50495

CVSS v3 Score: 10.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-434

Published: October 28, 2024

Last Updated: November 8, 2024

🔗 References

https://patchstack.com/database/vulnerability/wp-propagator/wordpress-plugin-propagator-plugin-0-1-arbitrary-file-upload-vulnerability?_s_id=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50495, you might also want to check these: